Blog Posts Tagged with "Social Engineering"

Terms such as revolutionary, and groundbreaking are often used in reference to the web and social media. The web and social media have also been so for scammers, thieves, liars, manipulators, and the like who use social media in a big way. To avoid being caught in their lair, it is imperative to know the risks...

Activities that threaten your business are the downloading and opening of attachments and Internet files that contain malicious software, and the electronic delivery/distribution of business sensitive information without encryption. This may done either accidentally or deliberately by a disgruntled employee...

There have been all kinds of document attacks, but what about PowerPoint? It turns out that PowerPoint makes it easy for an attacker to turn innocent slideshows into a nasty little attack. The attack involves four simple steps: Make a slideshow, make an action, rename the file and distribute it. Here's how...

Training and education are key elements to securing data. The advances in detection and monitoring solutions have placed more capable tools in the security professional’s toolbox, but APT attacks have grown in sophistication and perseverance – often leading to successful attacks and subsequent data loss...

Pro-Israeli hacker Yourikan (you-r!-k@n) is claiming to have hacked and defaced as many as ninety-one Iranian websites including government, education and business targets in protest of Iran's continued pursuit of nuclear weapons and support for terrorist activities targeting Israel...

Security awareness training has its place, but it is not a silver bullet. The world is full of risks and a security professional’s job is to minimize those risks and manage the remaining residual risk. This is why security is done in layers, so that when people make that mistake you minimize the impact...

There are bots creating a significant number of fake profiles, which are managed by machines capable of interacting with each other and with real users, thus changing the "sentiment" and "conversation" on a large-scale, as well as altering the social graph to preclude meaningful correlations of data...

Cyberthieves are trolling the internet for information and with a convincing phone call trying to trick parents out of thousands of dollars. It sounds like this scam would be easy to spot but it’s so scary, so emotional, and happens so often even Western Union employees are trained to ask questions...

The Mahdi attack is based on two well known techniques used to deliver malicious payloads, and the huge quantity of data collected reveals the real targets of the operation are government agencies, critical infrastructure engineering firms and financial houses...

A new campaign using Blackshades Remote Controller has been discovered via a message sent from a compromised Skype account. This malware gives an attacker the ability to execute arbitrary code on the infected computer. There is no guarantee that the attacker has not installed additional malicious software...

The Social Engineering Toolkit included with Backtrack 5 is a great way for penetration testers to see how well their network and users would stand up to Social Engineering attacks. In this tutorial I will demonstrate how SET can be used to set up a realistic looking website to harvest e-mail usernames and passwords...

Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...

We’ve been saying for years that the human element is the weakest link in cybersecurity. Kevin Mitnick (out of prison now and doing well) was an extremely talented hacker but what set him apart was his research into potential victims and then having the audacity to social engineer them...

SMiShing is a version of phishing in which scammers send text messages. The best protection from this scam is awareness. Once you understand how it works, you are better positioned to recognize mobile phishing, and how to avoid clicking links within emails or text messages and otherwise responding to such ruses...

People put a lot of personal information on LinkedIn - their education and job experience, along with the groups that they belong to - treasure trove of information to Social Engineers. Of all the online social sites, LinkedIn users should really choose a long complex password to secure their account...